Previous releases of IBM Rational Automation Framework (RAF) are affected by vulnerabilities in Apache Tomcat that may allow remote attackers to influence the availability of the Framework Server.
**CVE-ID:** CVE-2014-0075
**Description:** Apache Tomcat is vulnerable to a denial of service, caused by the improper handling of a malformed chunk size as part of a chunked request. A remote attacker could exploit this vulnerability to cause a denial of service.
**CVSS Base Score:** 5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93365> for more information
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:L/Au:N/C:N/I:N/A:P)
**CVE-ID:** CVE-2014-0099
**Description:** Apache Tomcat could allow a remote attacker to obtain sensitive information, caused by the failure to check for overflows when parsing content length headers. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain sensitive information.
**CVSS Base Score:** 5
**CVSS Temporal Score:** See <https://exchange.xforce.ibmcloud.com/vulnerabilities/93369> for more information
**CVSS Environmental Score:** Undefined
**CVSS Vector:** (AV:N/AC:L/Au:N/C:P/I:N/A:N)
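Both descriptions above concern numeric length fields in HTTP requests (the chunk size and the Content-Length header). The following added example, which is not Apache Tomcat or IBM code, contrasts an unchecked decimal parser that silently wraps with a strict parser that rejects malformed and oversized values. The function names and the `MAX_BODY` limit are assumptions, and the caller is assumed to have already isolated the field value (no CRLF, no chunk extension).

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BODY ((uint64_t)1 << 31) /* assumed policy limit, not from the bulletin */

/* Unchecked accumulation, for contrast: wraps modulo 2^64. */
uint64_t parse_unchecked(const char *s)
{
    uint64_t v = 0;
    for (; *s; s++)
        v = v * 10 + (uint64_t)(*s - '0');
    return v;
}

/* Strict parse: base 10 or 16, digits only, value must be <= max. */
static bool parse_bounded(const char *s, unsigned base, uint64_t max, uint64_t *out)
{
    uint64_t v = 0;
    if (*s == '\0')
        return false;                    /* empty field */
    for (; *s; s++) {
        unsigned char c = (unsigned char)*s;
        uint64_t d;
        if (c >= '0' && c <= '9')
            d = c - '0';
        else if (base == 16 && isxdigit(c))
            d = (uint64_t)(tolower(c) - 'a') + 10;
        else
            return false;                /* sign, space, "0x", junk */
        if (d > max || v > (max - d) / base)
            return false;                /* v*base + d would exceed max */
        v = v * base + d;
    }
    *out = v;
    return true;
}

bool parse_content_length(const char *s, uint64_t *out) { return parse_bounded(s, 10, MAX_BODY, out); }
bool parse_chunk_size(const char *s, uint64_t *out) { return parse_bounded(s, 16, MAX_BODY, out); }

int main(void)
{
    uint64_t v = 0;
    const char *big = "18446744073709551621";   /* constructed: 2^64 + 5 */
    printf("unchecked=%llu strict_ok=%d\n", (unsigned long long)parse_unchecked(big), parse_content_length(big, &v));
    return 0;
}
```

The overflow test runs before the multiplication, so the accumulator never holds a wrapped value that later code could mistake for a valid length.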
Rational Automation Framework 3.0.1.0, 3.0.1.1 and 3.0.1.2 on all supported platforms.
Upgrade to Rational Automation Framework Fix Pack 3 (3.0.1.3) for 3.0.1 or later.
None